OpenVPN using TUN on Plugbox
Posted: Tue Jan 25, 2011 1:59 am
by anandh
I have installed OpenVPN on my plugbox and I am able to connect to it remotely using the OpenVPN client on my laptop (Windows XP). I am able to ping the remote server just fine. However, I am unable to share my network devices which are on a different subnet.
My home network is using 192.168.1.x while my VPN server/client are using 10.1.0.x
Here is my server config (pogoplug):
dev tun
ifconfig 10.1.0.1 10.1.0.2
push "route 192.168.1.0 255.255.255.0"
secret static.key
Here is my client config (windows laptop):
remote myhostname.mydomain
dev tun
ifconfig 10.1.0.2 10.1.0.1
secret static.key
Can someone be kind enough to give me some hints on what I'd need to look for?
Thanks
Re: OpenVPN using TUN on Plugbox
Posted: Tue Jan 25, 2011 7:35 am
by maikcat
hi there,
is ip routing enabled on your plugbox?
cheers,
michael
Re: OpenVPN using TUN on Plugbox
Posted: Tue Jan 25, 2011 1:20 pm
by anandh
Hi Michael,
Yes, ip forwarding is enabled on the box. Here are the contents of my /etc/sysctl.conf
# Kernel sysctl configuration
# Enable packet forwarding
net.ipv4.ip_forward=1
# Disable the magic-sysrq key (console security issues)
kernel.sysrq = 0
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
The rule does seem to be active too...
[anandh@Plugbox openvpn]# cat /proc/sys/net/ipv4/ip_forward
1
Thanks
Re: OpenVPN using TUN on Plugbox
Posted: Tue Jan 25, 2011 1:28 pm
by maikcat
using netstat -nr on your client do you see the route that openvpn server sends you?
do you ping the lan ip of your plugbox from your vpn client?
is plugbox using iptables or any type of firewall?
cheers,
>share my network devices.. <--via SMB you mean?
michael.
Re: OpenVPN using TUN on Plugbox
Posted: Tue Jan 25, 2011 4:29 pm
by anandh
Hi Michael,
I don't see the route on the subnet I'm trying to push on the OpenVPN server. Here's the output of my netstat -nr from remote box.
C:\>netstat -nr
Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...5c ff 35 0d 9b b8 ...... Intel(R) 82577LM Gigabit Network Connection - Teefer2 Miniport
0x4 ...44 45 53 54 42 00 ...... Nortel IPSECSHM Adapter - Teefer2 Miniport
0x5 ...00 ff 47 c8 e9 d2 ...... TAP-Win32 Adapter V8 - Teefer2 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.21.184.253 172.21.184.176 10
10.1.0.0 255.255.255.252 10.1.0.2 10.1.0.2 30
10.1.0.2 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.1.0.2 10.1.0.2 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 172.21.184.176 172.21.184.176 20
172.21.184.0 255.255.255.0 172.21.184.176 172.21.184.176 10
172.21.184.176 255.255.255.255 127.0.0.1 127.0.0.1 10
172.21.255.255 255.255.255.255 172.21.184.176 172.21.184.176 10
224.0.0.0 240.0.0.0 10.1.0.2 10.1.0.2 30
224.0.0.0 240.0.0.0 172.21.184.176 172.21.184.176 10
255.255.255.255 255.255.255.255 10.1.0.2 10.1.0.2 1
255.255.255.255 255.255.255.255 172.21.184.176 4 1
255.255.255.255 255.255.255.255 172.21.184.176 172.21.184.176 1
Default Gateway: 172.21.184.253
===========================================================================
Persistent Routes:
None
Though I can ping the VPN ip of the remote host, I cannot seem to ping the LAN ip of the plugbox.
No, plugbox doesn't use iptables or any other firewall.
Yes, I am trying to use SMB eventually... but for now, I am not even able to ping any IPs within the remote subnet.
Thanks.
Re: OpenVPN using TUN on Plugbox
Posted: Tue Jan 25, 2011 7:13 pm
by maikcat
hi there,
in your windows, are you running openvpn with admin privileges?
cheers,
michael
Re: OpenVPN using TUN on Plugbox
Posted: Wed Jan 26, 2011 5:20 pm
by anandh
Hi Michael,
Yes, I am running openvpn with admin privileges on the windows machine.
Thanks
Re: OpenVPN using TUN on Plugbox
Posted: Thu Jan 27, 2011 8:37 am
by maikcat
on your client,
use verb 3 or higher and check the logs to see if the server tries to push the route to you...
cheers,
michael.
ps: what openvpn version do you use on windows?
Re: OpenVPN using TUN on Plugbox
Posted: Thu Jan 27, 2011 2:23 pm
by anandh
Hi michael,
I used a verb level 6 and still couldn't find an entry in the client log corresponding to the 192.168.1.0 route pushed from the server
Initially I tried the stable version 2.1.4 for windows. Currently, I am using openvpn beta version 2.2-beta5.
Btw, if I manually add the route on my client side, it seems to work. As in, if I were to execute the following..
"route ADD 192.168.1.0 MASK 255.255.255.0 10.1.0.1 METRIC 1" on my client side, then the system is able to use the route and I can ping my 192.168.1.x subnet
I guess I can add the route directly on my server side config to get this working. But kind of curious if there is any way to debug why the server doesn't seem to be able to push the route.
Thanks
Re: OpenVPN using TUN on Plugbox
Posted: Thu Jan 27, 2011 2:25 pm
by maikcat
you can also check server logs as well...
you can also add the route manually with -p (persistent) switch.
cheers,
michael
Re: OpenVPN using TUN on Plugbox
Posted: Thu Jan 27, 2011 2:33 pm
by anandh
Michael.
Thanks for the quick reply & help troubleshooting this one..
I did check the server logs actually, and I can see the push entry in there..
<<Thu Jan 27 08:21:17 2011 us=327738 push_entry = 'route 192.168.1.0 255.255.255.0' >>
Anyways, I've added the persistent route on my client side now, and I'll now figure out how to samba
Thanks
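Added example, not part of the original thread: a small Python check over the configs and route rows quoted above. It assumes OpenVPN behaviour the thread does not state, namely that a client applies pushed options only when it runs with pull (or client) in TLS mode, which the static-key (secret) setup here does not; the function names are hypothetical.

```python
import ipaddress

# Constructed from the two configs quoted in the thread.
SERVER_CONF = """dev tun
ifconfig 10.1.0.1 10.1.0.2
push "route 192.168.1.0 255.255.255.0"
secret static.key
"""
CLIENT_CONF = """remote myhostname.mydomain
dev tun
ifconfig 10.1.0.2 10.1.0.1
secret static.key
"""
# Three "Active Routes" rows copied from the netstat -nr output in the thread.
CLIENT_ROUTES = """0.0.0.0 0.0.0.0 172.21.184.253 172.21.184.176 10
10.1.0.0 255.255.255.252 10.1.0.2 10.1.0.2 30
172.21.184.0 255.255.255.0 172.21.184.176 172.21.184.176 10
"""
# Constructed row: what the manual "route ADD" from the thread adds to the table.
MANUAL_ROUTE = "192.168.1.0 255.255.255.0 10.1.0.1 10.1.0.2 1\n"

def directives(conf):
    """Return [(name, [args])] for every non-comment line of an OpenVPN config."""
    out = []
    for line in conf.splitlines():
        line = line.split("#")[0].strip()
        if line:
            name, _, rest = line.partition(" ")
            out.append((name, rest.strip().strip('"').split()))
    return out

def undelivered_pushes(server_conf, client_conf):
    """Server push options this client will not apply, as local directives."""
    client = {name for name, _ in directives(client_conf)}
    # Assumption: pushes are applied only with pull/client and never with 'secret'.
    if client & {"pull", "client"} and "secret" not in client:
        return []
    return [" ".join(a) for n, a in directives(server_conf) if n == "push"]

def gateway_for(route_rows, dest):
    """Longest-prefix match (lowest metric on ties) over netstat-style rows."""
    best = None
    for f in (row.split() for row in route_rows.splitlines()):
        if len(f) == 5:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}", strict=False)
            key = (net.prefixlen, -int(f[4]))
            if ipaddress.ip_address(dest) in net and (best is None or key > best[0]):
                best = (key, f[2])
    return best[1] if best else None
```

For the quoted configs, undelivered_pushes returns the route directive that belongs in the client config instead, and gateway_for shows 192.168.1.x traffic leaving via the default gateway 172.21.184.253 until a route through the tunnel peer 10.1.0.1 exists.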